Deleting a samba user: pbdedit vs. smbpasswd, what's the difference?
Both smbpasswd
and pdbedit
can be used for Samba user management.
Answering the question: as of Samba 4 there is no difference between these two commands. Both commands will operate on the same file - be it in smbpasswd or tdbsam format - and do the job.
Expanding on the answer:
smbpasswd
is the older one. It was used to manage Samba credentials stored in the file format of the same name - smbpasswd. The default path for the file in RedHat based distros was /etc/samba/smbpasswd
(to disambiguate: the program itself, the file format and the default file of that format the smbpasswd
program operates on are all called smbpasswd).
pdbedit
came up during the Samba 3 development cycle as a replacement for smbpasswd
. From perspective of the root user pdbedit
is capable of all operations that smbpasswd
can do as well as a superset of them (manage account security and policy settings). The 'native' format for storing Samba credentials for pdbedit
is tdbsam - Trivial DB based password storage backend. On RedHat based distros the default file path is /var/lib/samba/private/passdb.tdb
.
The issue with pdbedit
is that it can only be used by root, while smbpasswd
can be used by regular users to change their Samba passwords in a way similar to what passwd
command does for Linux system accounts. So my understanding is that as of Samba 4 the job of user management is passed to pdbedit
and smbpasswd
is left there for non-root users to be able to change their passwords (though root can still use smbpasswd
to manage Samba credentials store in a limited manner).
From the pbdedit man page:
excerpt
The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool).
While the smbpasswd man page:
excerpt
By default (when run with no arguments) it will attempt to change the current user's SMB password on the local machine. This is similar to the way the passwd(1) program works. smbpasswd differs from how the passwd program works however in that it is not setuid root but works in a client-server mode and communicates with a locally running smbd(8). As a consequence in order for this to succeed the smbd daemon must be running on the local machine. On a UNIX machine the encrypted SMB passwords are usually stored in the smbpasswd(5) file.
So pbdedit
can manipulate a variety of Samba password backends, while smbpasswd
can only manipulate that type of backend.